While in the early 2000’s lots of research was focused on Differential Power Analysis of first and second-order, it seems the recent trend is of even higher-order. As this order grows, countermeasures such as masking need to be designed in a more generic way. In this paper, we introduce a new constant weight implementation of the AES extending the idea of the software dual-rail countermeasure p...

Privacy in cloud computing is at the moment simply a promise to be kept by the software service providers. Users are neither able to control the disclosure of personal data to third parties nor to check if the software service providers have followed the agreed-upon privacy policy. Therefore, disclosure of the users‘ data to the software service providers of the cloud raises privacy risks. In t...

In recent years, improvement of software process is increasingly gaining attention. However, its practice is not easy because of difficulties of data collection and utilization of collected data. In this paper, we introduce Empirical Project Monitor (EPM), which is an automatic data collection and analysis system to support software process improvement. Collecting data from common tools used in...

This paper provides a simple but powerful theoretical framework for understanding and combining different approaches to software design. The main result is expressed in what we call The Principle of Limited Reduction. This principle states that relying on analytical behavior to reduce complexity introduces new sources of uncertainty and this requires experimental countermeasures. Correspondingl...

A growing number of connected objects, with their high performance and low-resources constraints, are embedding lightweight ciphers for protecting the confidentiality of the data they manipulate or store. Since those objects are easily accessible, they are prone to a whole range of physical attacks, one of which are fault attacks against for which countermeasures are usually expensive to implem...

Despite growing interest in the economic and policy aspects of information security, little academic research has used field data to examine the development process of a security countermeasure provider. In this paper, we empirically examine the learning process a security software developer undergoes in resolving a malware problem. Using the data collected from a leading antivirus software com...

Abstract Deep-learning side-channel attacks, applying deep neural networks to are known that can easily attack some existing countermeasures such as masking and random jitter. While there have been many studies on profiled deep-learning a new approach involves learning non-profiled attacks was proposed in 2018. In our study, we investigate the structure of multi-layer perceptrons points interes...

In this paper we introduce CAPA: a combined countermeasure against physical attacks. Our countermeasure provides security against higher-order SCA, multiple-shot DFA and combined attacks, scales to arbitrary protection order and is suitable for implementation in embedded hardware and software. The methodology is based on an attack model which we call tile-probe-and-fault, which is an extension ...